Overview
Typically, the development of an enterprise-grade IoT solution can be divided into two distinct phases: Identity Orchestration and Network Connectivity. The former establishes the foundational trust model (who the device is and what credential proves it), while the latter covers operational execution and data movement using that identity.
Part 1: Identity Orchestration & Credentialing (The Unified Model)
This phase focuses on establishing a Universal Identity Framework for the device. By decoupling identity from specific connectivity protocols or cloud vendors, this stage serves as the unified foundation for any IoT product line.
- Device Identity Registration:
Enrolling the device into a platform-agnostic central registry to define its digital twin (identity), organizational ownership, and lifecycle status.
- Credential Allocation:
Assigning each device a unique cryptographic credential (typically an X.509 certificate) that serves as its root of trust. The private key should be generated on the device itself, ideally inside a secure element, and never leave it; only the certificate or public key is recorded in the registry.
TIP
The advantage of the unified model: because this layer is independent of the underlying network or destination cloud, it creates a standardized blueprint that can be reused across diverse hardware families (e.g., ESP32, STM32) and multiple IoT platforms (e.g., AWS, Azure, or private brokers).
Part 2: Network Connectivity & Data Exchange
This phase utilizes the identity established in Part 1 to facilitate secure communication and integrate the device into the functional business logic of the application.
- Secure Network Onboarding:
Leveraging the pre-allocated credentials to establish authenticated, encrypted channels (typically TLS) for data transmission, and using the unified identity to interact with specific operational environments. This allows the device to be recognized by every cloud provider or broker that trusts the enterprise IAM, rather than by one provider only.
- Bi-directional Messaging:
Telemetry Uplink:
Shipping sensor data and status updates to the ingestion engine.
Command-and-Control (C2) Downlink:
Receiving real-time instructions, configuration changes, or OTA (Over-the-Air) updates from the backend. Because this path can change device behaviour, command topics should be confined to the device's own namespace, and OTA images should be signed so the device can verify them before installing.
How does the SiX IoT Platform facilitate these two parts?
For Part 1: Identity Orchestration & Credentialing (The Unified Model)
SiX IoT Platform provides the following key services for centralized device registration and provisioning:
- Product Registration
Defines the product category to which an IoT device belongs. This process generates an Integration Key, which is utilized during the factory provisioning phase to securely link devices to the cloud. Because the key is shared by every unit of the product, treat it as a factory secret: inject it at provisioning time rather than baking it into a firmware image that ships with the device.
- Device Registration
Enables customers to register individual units via the Integration Key or the Management Portal. Upon registration, the device is issued secure credentials and is formally enrolled within the Enterprise IAM workspace.
TIP
A pre-configured SiX IDaaS & IAM instance is provided to customers out-of-the-box. This instance can be seamlessly federated with your existing enterprise IAM infrastructure.
TIP
Why we recommend registering devices within an Enterprise IAM and using Access Tokens for cloud connectivity:
Provisioning a device directly in one cloud provider with that provider's native credentials (for example, a certificate registered only in AWS IoT Core) ties the hardware to that provider's ecosystem. Such a silo makes it hard for the device to reach resources or APIs hosted on a second cloud platform.
With an enterprise IAM acting as the central identity broker, the device instead authenticates to the IAM with the credential allocated in Part 1 and receives a short-lived access token that any federated cloud or broker can validate. Because the IAM can be federated across multiple cloud environments, the same device identity works across platforms. Note that an access token is a bearer credential: present it only over TLS, keep its lifetime short, and have the device refresh it with its long-term credential rather than storing it.
For Part 2: Network Connectivity & Data Exchange
TIP
If your device does not utilize MQTT, or if you prefer to integrate with a custom MQTT broker, you can skip this part.
The device utilizes the following standard flow to establish a secure connection with the Cloud:
SiX IoT Platform now provides a comprehensive ESP32 Device SDK and App SDK to streamline network provisioning, facilitate secure token exchange, and enable seamless connectivity to MQTT brokers (such as AWS IoT Core or EMQX).